New policies installed. Minor problem & change(?)
Stephen Smalley
sds at epoch.ncsc.mil
Thu Jun 3 13:37:46 UTC 2004
On Wed, 2004-06-02 at 13:55, Tom London wrote:
> ('fixfiles relabel/check' now fails if run in enforcing mode
> ('Permission denied' for file_contexts). Works if you 'setenforce 0'
> first. Did I miss a change?)
No, this is a bug in the policy; setfiles_t needs r_dir_file(setfiles_t,
file_context_t).
> 2). Also, there now is a complete absence of 'avc' messages in
> /var/log/messages. Is this expected?
No. Auditing disabled in latest kernel for some reason.
> 3). I checked the scripts on the policy rpms and it looks like the
> reference to 'POLICYTYPE' is gone (replaced with 'SELINUXTYPE'). Is it
> safe to remove the 'POLICYTYPE=strict' line from /etc/sysconfig/selinux
> and from /etc/selinux/config? Can I safely remove one file?
Yes, and only /etc/selinux/config should be used now.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list